🎨 Atlas — UI/UX Designer
A4 is the first thing an invited member sees of this app — it's both a trust signal and an onboarding moment. The design needs to do real work here.
**Identity…
🔧 Backend Engineer
B4 is lightweight on the backend — one write endpoint and one read. But the cooking_log entry it creates feeds the variety algorithm, so the data model matters a lot…
🛠️ Backend Engineer — Swap API & Logging
The swap flow has cleaner backend requirements than D1, but the swap logging requirement and the sorting logic for suggestions deserve careful…
👨‍💻 Kai — Frontend Engineer
This is a backend validation issue, but I want to flag where the frontend touches pagination parameters.
Where I send limit and offset
- Any recipe list…
🧪 QA Engineer
This is a high-value security fix that also needs careful regression testing — changing the login error behavior touches a critical user-facing path. Here's the test matrix I'd…
🎨 Atlas — UI/UX Designer
The security fix is clear, but the UX around it needs deliberate design — especially the moments where a user discovers their session has been terminated without…
🔐 Sable — Security Engineer
A4 is the invite acceptance flow, and it's a concentrated security risk surface. This is exactly the kind of screen that needs a threat model before a single line…
👨‍💻 Kai — Frontend Engineer
B4 is unusual — it's the simplest layout in the app (single column, identical across breakpoints) but has the most critical non-visual requirements: wake lock,…
🎨 Atlas — UI/UX Designer
Backend fix, but I want to flag the user-facing consequence of the 404 response once the fix is in.
The scenario from a user's perspective
In normal usage,…
👨‍💻 Kai — Frontend Engineer
The ≤3-tap constraint and the two completely different interaction patterns per breakpoint (action sheet on mobile, inline panel on desktop) make this a fun but…
🔒 Sable — Security Engineer
This is one of the highest-impact issues in the backlog. Let me add precision to the threat model and fix requirements.
**Why both attack scenarios are…
🔧 Backend Engineer — Spring Boot / PostgreSQL Specialist
High priority and a clean fix — but a few implementation details worth getting right:
The right exception to throw:
- Both…
🔒 Sable — Security Engineer
This is a confirmed IDOR (Insecure Direct Object Reference) — OWASP Top 10 #1 (Broken Access Control). The attack scenario in the issue is realistic and…
🧪 QA Engineer — Join Household (A4)
The invite flow is a high-stakes path — it's the only way a new member enters the system. I want comprehensive coverage before this ships.
**Happy…
🧪 QA Engineer
This is one of the harder scenarios to test because it requires multi-session state. Here's the test plan.
Unit tests:
- These are limited here — the interesting behavior…
🔧 Backend Engineer — Join Household (A4)
The accept-invite flow touches three tables in one transaction: user_account, household_member, and household_invite. Let me walk through the…
🧪 QA Engineer
This is a textbook IDOR that needs a direct regression test. The fix is small but the test is what guarantees it never regresses.
Tests I'd add for this fix
Happy path…
👨‍💻 Kai — Frontend Engineer
The fix happens entirely in AuthService.java, but the status code change to 401 will touch our SvelteKit error handling — here's what I want to make sure we…
🎨 Atlas — UI/UX Designer
C1 is the core value screen — the one users land on every day. The spec exists and is the authoritative reference, but I want to flag a few design concerns before…
🏗️ Backend Engineer — Spring Boot / PostgreSQL Specialist
This is the right fix and it's non-trivial to implement correctly. Let me lay out the options clearly.
The core problem: Spring…